Subfinder
Passive subdomain discovery tool
A repository of community-submitted scanners, payload editors, decoders, and security utilities.
Passive subdomain discovery tool
Open-source C2 framework
Advanced C2 framework
Web path scanner
Password brute force tool
Nmap (Network Mapper) is a powerful open-source tool used for network discovery and security auditing. ## 🔧 Installation ### Linux: sudo apt update && sudo apt install nmap ### Mac: brew install nmap ### Windows: Download from https://nmap.org/download.html ## ▶️ Basic Usage ### Scan a single target: nmap 192.168.1.1 ### Scan multiple ports: nmap -p 1-1000 target.com ### Service & version detection: nmap -sV target.com ### OS detection: nmap -O target.com ## ⚡ Advanced Usage - Aggressive scan: nmap -A target.com - Scan with scripts: nmap --script vuln target.com ## 🎯 Use Cases - Network reconnaissance - Port scanning - Vulnerability detection - Service enumeration ## 🧠 Pro Tip Use Nmap with -A only when needed, as it is noisy and detectable.
Burp Suite is a professional web application security testing tool used for intercepting and modifying HTTP requests. ## 🔧 Installation ### Download: https://portswigger.net/burp Install and run the installer. ## ▶️ Setup 1. Open Burp Suite 2. Enable proxy (127.0.0.1:8080) 3. Configure browser proxy settings 4. Install Burp CA certificate ## ⚡ Usage ### Intercept Requests: Turn ON intercept and capture requests. ### Modify Requests: Edit parameters before forwarding. ### Repeater: Send request to repeater for manual testing. ### Intruder: Automate attacks like brute force or fuzzing. ## 🎯 Use Cases - Web app pentesting - Parameter tampering - Authentication bypass - Bug bounty hunting ## 🧠 Pro Tip Use Burp with FoxyProxy for easy browser switching.
Metasploit Framework is a powerful exploitation framework used for developing and executing exploits. ## 🔧 Installation ### Linux: sudo apt install metasploit-framework ### Start: msfconsole ## ▶️ Basic Usage ### Search exploit: search vsftpd ### Use exploit: use exploit/unix/ftp/vsftpd_234_backdoor ### Set options: set RHOST target_ip ### Run: exploit ## ⚡ Advanced - Payload selection: set PAYLOAD linux/x86/meterpreter/reverse_tcp - Sessions: sessions -i 1 ## 🎯 Use Cases - Exploitation - Post-exploitation - Privilege escalation - Red teaming ## 🧠 Pro Tip Always use in legal lab environments only.
Gobuster is a brute-force tool used for discovering hidden directories and files. ## 🔧 Installation ### Linux: sudo apt install gobuster ## ▶️ Usage ### Directory brute-force: gobuster dir -u http://example.com -w wordlist.txt ### DNS brute-force: gobuster dns -d example.com -w wordlist.txt ## 🎯 Use Cases - Directory discovery - Hidden endpoints - Recon ## 🧠 Pro Tip Use SecLists wordlists for better results.
Amass is a reconnaissance tool used for in-depth subdomain enumeration. ## 🔧 Installation ### Linux: sudo apt install amass ## ▶️ Usage ### Passive scan: amass enum -passive -d example.com ### Active scan: amass enum -active -d example.com ### Save output: amass enum -d example.com -o output.txt ## 🎯 Use Cases - Subdomain discovery - Attack surface mapping - Recon phase ## 🧠 Pro Tip Combine Amass with other tools like Subfinder.
SQLMap is an automated SQL injection tool used to detect and exploit database vulnerabilities. ## 🔧 Installation git clone https://github.com/sqlmapproject/sqlmap.git cd sqlmap ## ▶️ Usage ### Basic scan: python sqlmap.py -u "http://site.com/page?id=1" ### Enumerate DBs: --dbs ### Dump database: --dump ## ⚡ Advanced - Use cookies: --cookie="PHPSESSID=xyz" - POST request: --data="id=1" ## 🎯 Use Cases - SQL Injection testing - Database extraction - Vulnerability assessment ## 🧠 Pro Tip Use --risk and --level flags for deeper testing.
Password cracking tool
Linux privilege escalation script
Windows privilege escalation script
Active Directory attack path analysis
LLMNR/NBT-NS poisoning tool
Network protocol toolkit
Post-exploitation tool
A lightweight bash utility and system configuration hardening script for Linux production servers that restricts access to sysctl parameters, kernel logs, and debug ports.
A modular, high-speed parallel port scanner and service banner grabber with integrated vulnerability matching capabilities and custom protocol scripting.